all things security
Showing 1 - 25 of 12,589 RSS Feed

Arbitrary Files

Red Hat Security Advisory 2017-2931-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | c1dbd6840e2e16c4205c17a6e62ec9fa
Red Hat Security Advisory 2017-2930-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2930-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | bde81e8df0854f9e0da92d2d031727b7
Red Hat Security Advisory 2017-2918-01
Posted Oct 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2918-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-14340, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558
MD5 | 8518b2d326398c1a3d949f4ea8241046
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption
Posted Oct 18, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ has had numerous security vulnerabilities addressed including arbitrary code execution, memory corruption, cookie theft, and various other issues.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142
MD5 | 40a14f9ee80a9b6a0dd89788c1f7de76
Gentoo Linux Security Advisory 201710-20
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-20 - Multiple vulnerabilities have been found in Nagios, the worst of which could lead to the remote execution of arbitrary code. Versions prior to 4.3.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9565, CVE-2016-9566, CVE-2017-12847
MD5 | 2b1de88a25ee74ea0964d51d9c494380
Gentoo Linux Security Advisory 201710-18
Posted Oct 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-18 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.2.8 are affected.

tags | advisory, remote, arbitrary, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2016-2337, CVE-2017-0898, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064
MD5 | 89d9e24a5dcaa9215ac841ad02d0e501
Ubuntu Security Notice USN-3456-1
Posted Oct 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3456-1 - It was discovered that the X.Org X server incorrectly handled certain lengths. An attacker able to connect to an X server, either locally or remotely, could use these issues to crash the server, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187
MD5 | 403867f137e0eb5c84d32de98e4769a2
Red Hat Security Advisory 2017-2899-01
Posted Oct 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2899-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-11292
MD5 | 02ed4445c47e4397935369732ee381d4
Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass
Posted Oct 14, 2017
Authored by James Forshaw, Google Security Research

The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
advisories | CVE-2017-11823
MD5 | 1b2d4d07eba9dc0ac29034a6908021a0
Opentext Documentum Content Server File Hijack / Privilege Escalation
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2017-15012
MD5 | 58c1b1e2a0aa3b4d86d6fb406b6bfe31
Opentext Documentum Content Server File Download
Posted Oct 14, 2017
Authored by Andrey B. Panfilov

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions.

tags | exploit, arbitrary
advisories | CVE-2017-15014
MD5 | 77919afb274537f00addfc4378c1136d
Gentoo Linux Security Advisory 201710-14
Posted Oct 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-14 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.16.6:4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043
MD5 | 10b96cd83ebfb69c814d668feea2886e
Gentoo Linux Security Advisory 201710-13
Posted Oct 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-13 - Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.3.10 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
MD5 | ea46d8b742d457674bbef354dfd6ab21
Gentoo Linux Security Advisory 201710-12
Posted Oct 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-12 - Multiple vulnerabilities have been found in Puppet Agent, the worst of which could result in the execution of arbitrary code. Versions less than 1.7.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5714
MD5 | 395df5a785da96cc0ba5be840ad3d6c3
Gentoo Linux Security Advisory 201710-11
Posted Oct 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-11 - Multiple vulnerabilities have been found in GNU Libtasn1, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 4.12-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10790, CVE-2017-6891
MD5 | fc81a9e6076f555809fe9461323ebf2f
Red Hat Security Advisory 2017-2888-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2888-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645, CVE-2017-7957
MD5 | ba560db4bfdf555a5ec7e31fa1dccc6c
Ubuntu Security Notice USN-3454-1
Posted Oct 12, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3454-1 - It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000376
MD5 | 06049d7b2b33d0d9cc2f9cda7795f78a
Ubuntu Security Notice USN-3453-1
Posted Oct 12, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3453-1 - Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-13721, CVE-2017-13723
MD5 | e9050d546143e3e7cc33f4a53e2d81eb
Red Hat Security Advisory 2017-2885-01
Posted Oct 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2885-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824
MD5 | 5ecafe04b2150ef20fe62849ca983af0
Ubuntu Security Notice USN-3445-2
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3445-2 - USN-3445-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Eyal Itkin discovered that the IP over IEEE 1394 implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8633, CVE-2017-14106
MD5 | 60f5a7002950560d9fe7443edc6540cf
Ubuntu Security Notice USN-3445-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3445-1 - Eyal Itkin discovered that the IP over IEEE 1394 implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2016-8633, CVE-2017-14106
MD5 | 4f1cff5d96815c2ffb8075194ffc53da
Ubuntu Security Notice USN-3436-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3436-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824
MD5 | 4323e9a9cecd97cfdc13a57218217b36
Ubuntu Security Notice USN-3424-2
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3424-2 - USN-3424-1 fixed several vulnerabilities in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that a type confusion error existed in libxml2. An A attacker could use this to specially construct XML data that A could cause a denial of service or possibly execute arbitrary A code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048
MD5 | a992e0f194fd5ae3102acdd45b923004
Ubuntu Security Notice USN-3443-2
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3443-2 - USN-3443-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000255, CVE-2017-14106
MD5 | 91164309cd3b29bf3210db52dcd49238
Ubuntu Security Notice USN-3443-1
Posted Oct 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3443-1 - It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2017-1000255, CVE-2017-14106
MD5 | 0b9e8c257d9b94091abf3f9093e86b5b
Page 1 of 504
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close